Asouri
(Dawiddyrcz)
20 May 2006 11:03
#1
Hello,
I'm a layman when it comes to HijackThis and checking these logs.
Lately something bad has been happening with my computer; it's possible I caught some virus through p2p. Unfortunately none of the many antispyware programs, antiviruses, etc. that I tried helped, so please tell me what I should remove (and how? because I tried, but after the next restart of the computer it was the same again). So, the log:
Logfile of HijackThis v1.99.1
Scan saved at 12:56:15, on 2006-05-20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\MKS\Bin\NetMonSV.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
D:\Program Files\MKS\Bin\mksmonsv.exe
D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\LiteStep\litestep.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\WINDOWS\win32host.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
D:\Program Files\MKS\Bin\mks_menu.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\Documents and Settings\Dawid\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
F2 - REG:system.ini: Shell=D:\Documents and Settings\Dawid\Pulpit\litespawn\LiteSpawn\LiteSpawn.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM…\Run: [MKS_MENU] D:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM…\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\RunServices: [secures23] lup.exe
O4 - HKLM…\RunServices: [winsystems25] winsystems.exe
O4 - HKLM…\RunServices: [msconfig38] mssvcc.exe
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Osłona programu IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra ‘Tools’ menuitem: Osłona programu IE… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O20 - Winlogon Notify: 2006reg - D:\Documents and Settings\All Users\Dokumenty\Settings\2006.dll
O20 - Winlogon Notify: s_reg - notifysb.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: ubtlbr - {6ACEBBF8-BDDC-4A6A-B876-86B740180334} - ubtlbr.dll (file missing)
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - D:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - D:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - D:\WINDOWS\win32host.exe (file missing)
Regards
===========================================
Have you seen this notice: Important notice regarding topic titles? Comply with it => otherwise the topic will be sent to the trash :evil:
Regards, kuz5
Bieniol
(Bbieniol)
20 May 2006 11:37
#2
Use Windows Worms Doors Cleaner and change the marks from disable to enable. After using this tool a system reboot is required.
Turn off System Restore:
Boot into Safe Mode:
Start --> Run --> services.msc --> stop and disable the Win32 Kernel Update service
Open HijackThis --> open misc tools section --> delete a NT service --> type Win32Kernel and OK
Launch HijackThis --> do a system scan only and check the entries:
And click “fix checked” at the bottom
Run the KillBox tool, select Delete on reboot, and in the full path of file field paste the path:
D:\WINDOWS\win32host.exe
D:\Documents and Settings\All Users\Dokumenty\Settings\2006.dll
D:\WINDOWS\System32\mssvcc.exe
D:\WINDOWS\System32\winsystems.exe
D:\WINDOWS\System32\lup.exe
Click X and restart the computer (restart only after the last file has been deleted)
After these steps, post a new HijackThis log + a Silent Runners log
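An added triage sketch, not part of the original posts and not HijackThis's own logic: it parses entries taken from the first log in this thread and applies three heuristics assumed here for illustration (bare-name RunServices autostarts, Winlogon Notify DLLs outside system32, unknown-owner services running from the Windows root). The entries it flags point at the same files that the post above queues in KillBox.

```python
import re

# Constructed sample: entries copied from the first HijackThis log in this thread,
# one per line. The page renders the key as "HKLM…\"; matching on "\RunServices:"
# works for that form and for HijackThis's own "HKLM\..\".
SAMPLE_LOG = r"""
O4 - HKLM…\Run: [MKS_MENU] D:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM…\RunServices: [secures23] lup.exe
O4 - HKLM…\RunServices: [winsystems25] winsystems.exe
O4 - HKLM…\RunServices: [msconfig38] mssvcc.exe
O20 - Winlogon Notify: 2006reg - D:\Documents and Settings\All Users\Dokumenty\Settings\2006.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - D:\WINDOWS\win32host.exe (file missing)
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
MISSING = "(file missing)"
WINDOWS_ROOT_EXE = re.compile(r"[A-Za-z]:\\WINDOWS\\[^\\]+\.exe", re.IGNORECASE)


def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line in text."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]


def triage(entries):
    """Apply three illustrative heuristics (assumptions, not HijackThis features).

    Returns (severity, file_name, reason) tuples in log order.
    """
    findings = []
    for code, body in entries:
        missing = body.endswith(MISSING)
        clean = body.replace(MISSING, "").rstrip()
        if code == "O4" and "\\RunServices:" in clean:
            command = clean.partition("] ")[2]
            if "\\" not in command:  # bare file name, resolved via the search path
                findings.append(("suspicious", command, "RunServices autostart without a directory"))
        elif code == "O20":
            dll = clean.rpartition(" - ")[2]
            if "\\" in dll and "\\system32\\" not in dll.lower():
                findings.append(("suspicious", dll.rpartition("\\")[2], "Winlogon Notify DLL outside system32"))
            elif missing:
                findings.append(("orphan", dll, "Notify entry whose DLL no longer exists"))
        elif code == "O23" and "Unknown owner" in clean:
            exe = clean.rpartition(" - ")[2]
            if WINDOWS_ROOT_EXE.fullmatch(exe):
                findings.append(("suspicious", exe.rpartition("\\")[2], "unknown-owner service in the Windows root"))
    return findings


if __name__ == "__main__":
    for severity, name, reason in triage(parse_entries(SAMPLE_LOG)):
        print(f"{severity:10} {name:16} {reason}")
```

The MkS services are also reported as "Unknown owner" but stay unflagged because their images live under Program Files; the heuristics narrow what to look at and do not replace reviewing each entry.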
Asouri
(Dawiddyrcz)
21 May 2006 08:51
#3
OK, I did everything per the instructions except
which wasn't there after the system scan in HijackThis, and here are the logs:
Silent Runner
“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“Gadu-Gadu” = ““D:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”]
“Steam” = ““C:\Steam\Steam.exe” -silent” [“Valve Corporation”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“MKS_MENU” = “D:\Program Files\MKS\Bin\mks_menu.exe” [“MKS Sp. z o.o.”]
“NvCplDaemon” = “RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“TkBellExe” = ““D:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided) \StubPath = ““D:\WINDOWS\System32\rundll32.exe” “D:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “D:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{E6FB5E20-DE35-11CF-9C87-00AA005127ED}” = “WebCheck” -> {HKLM…CLSID} = “WebCheck” \InProcServer32(Default) = “D:\WINDOWS\System32\xp61095.dll” [null data]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “D:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “D:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “D:\Program Files\iTunes\iTunesMiniPlayer.dll” [file not found]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “D:\WINDOWS\System32\Audiodev.dll” [MS]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “D:\WINDOWS\System32\Audiodev.dll” [MS]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “D:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
“WebCheck” = “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}” -> {HKLM…CLSID} = “WebCheck” \InProcServer32(Default) = “D:\WINDOWS\System32\xp61095.dll” [null data]

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! “Shell” = “C:\LiteStep\litestep.exe” [“Litestep Development Team”]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! “Shell” = “D:\Documents and Settings\Dawid\Pulpit\litespawn\LiteSpawn\LiteSpawn.exe” [file not found], [file not found], [file not found]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! “BootExecute” = “autocheck autochk * SsiEfr.e” [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! 2006reg\DLLName = “D:\Documents and Settings\All Users\Dokumenty\Settings\2006.dll” [file not found]
INFECTION WARNING! WRNotifier\DLLName = “WRLogonNTF.dll” [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “D:\Program Files\MKS\Bin\MkSShell.dll” [null data]
TheCleaner(Default) = “{2DE506B9-4320-11d3-8E42-002035221EDA}” -> {HKLM…CLSID} = “The Cleaner” \InProcServer32(Default) = “C:\The Cleaner\tcshellex.dll” [“MooSoft Development”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TheCleaner(Default) = “{2DE506B9-4320-11D3-8E42-002035221EDA}” -> {HKLM…CLSID} = “The Cleaner” \InProcServer32(Default) = “C:\The Cleaner\tcshellex.dll” [“MooSoft Development”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “D:\Program Files\MKS\Bin\MkSShell.dll” [null data]
TheCleaner(Default) = “{2DE506B9-4320-11D3-8E42-002035221EDA}” -> {HKLM…CLSID} = “The Cleaner” \InProcServer32(Default) = “C:\The Cleaner\tcshellex.dll” [“MooSoft Development”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\LiteStep\profiles\Dawid\themes\wallpaper.bmp”
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 10:49:57, on 2006-05-21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\MKS\Bin\NetMonSV.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
D:\Program Files\MKS\Bin\mksmonsv.exe
D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\LiteStep\litestep.exe
D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\Program Files\MKS\Bin\mks_scan.exe
D:\Program Files\MKS\Bin\mks_menu.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Steam\Steam.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Dawid\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
F2 - REG:system.ini: Shell=D:\Documents and Settings\Dawid\Pulpit\litespawn\LiteSpawn\LiteSpawn.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM…\Run: [MKS_MENU] D:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [TkBellExe] “D:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [steam] “C:\Steam\Steam.exe” -silent
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Osłona programu IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra ‘Tools’ menuitem: Osłona programu IE… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O17 - HKLM\System\CCS\Services\Tcpip…{6332A624-7BE6-49F4-9DCC-406BB4ACC8D7}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: 2006reg - D:\Documents and Settings\All Users\Dokumenty\Settings\2006.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - D:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - D:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
Is everything OK? I don't know myself. I'm now using the LiteStep shell instead of explorer.exe, and every few or a dozen or so minutes it shuts down and I have to start it via Windows Task Manager -> new task -> litestep.exe
adam9870
(adam9870)
21 May 2006 08:55
#4
The Silent Runners log is cut off. Wait until it finishes (it will let you know with a message) and only then paste the log on the forum.
You can delete:
If you don't play these games, you can remove this too
Also delete the leftovers from spysweeper
Why do you need 2 antiviruses? fsecure + mks? Uninstall one of them.
By the way, junk is already visible, but we'll wait for the full log.